Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward

Why company hacks tend to happen over holiday weekends

July 6, 2021, 10:34 PM UTC

Long weekends are becoming the choice time for cyber criminals to attack, and the Kaseya ransomware attack over the July 4 holiday weekend is just the latest example. 

Businesses around the globe scrambled to handle the cyber attack by a Russia-connected group called REvil that targeted the customers of software vendor Kaseya—an incident that researchers say could be one of the broadest ransomware attacks on record, with up to 1,500 businesses affected and a ransom demand of $70 million.  

This is a familiar pattern. The massive breach of Target’s 1,797 stores in 2013 came the day before Thanksgiving that year. The SolarWinds breach in 2020 came just before Christmas, attacking about 100 private organizations and branches of the U.S. military. And the SolarWinds hackers showed up again this past Memorial Day weekend, sending malicious emails to 350 organizations—although the attack was largely unsuccessful, according to Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA). 

Cyber criminals from nation states target U.S. holidays for a reason: IT staff will likely be out of town, and it’s more difficult to react and react quickly to an attack making its way through a corporate network. Thieves know they’ll have more time to try various passwords and usernames and extend their reach to more devices. Companies may often need to call in an outside expert to deal with the hack. “They know that the organizations are operating with skeleton crews,” says James McQuiggan, a spokesman for KnowBe4, a Clearwater, Florida-based company that provides security training for businesses. 

Meanwhile, attackers will shut down a company’s operations and demand ransoms that increase every day. Companies may be more likely to pay quickly rather than wait out the holiday weekend—which would mean more business lost and quite possibly a larger ransom to pay, said Demi Ben-Ari, CTO and cofounder of Panorays, a New York-based security risk company.

The familiar pattern of holiday hacking prompted Bryan Hornung, CEO of Philadelphia-based Xact I.T. Solutions, to warn on his cybersecurity YouTube channel last week that there would likely be a Fourth of July hack. Russian hackers, he said, study U.S. culture and behavior, and they strike when people aren’t paying attention. “Companies aren’t doing enough to stop them,” he said. 

Ransomware attacks have exploded, growing by 150% in 2020. Damages from cybercrime may hit $6 trillion this year, up from $3 trillion in 2015, according to the State of Ransomware report by security firm BlackFog. To protect themselves, security experts say companies should employ tools to monitor their networks for anomalies when IT workers are away, and they should implement regular training for employees on the latest cyber tricks used by hackers—attacks they expect to continue. Said Hornung: “All businesses, regardless of size, are going to have to deal with ransomware in the very near future.”

Correction, July 7, 2021: A previous version of this article misstated the scope of the SolarWinds hack.

Subscribe to Fortune Daily to get essential business stories straight to your inbox each morning.